The InfoSec Blog
22Mar/16

Cyber risk in the business

https://normanmarks.wordpress.com/2015/06/05/cyber-risk-and-the-boardroom/

The take-away that is relevant:

Cyber risk should not be managed separately from enterprise or business risk. Cyber may be only one of several sources of risk to a new initiative, and the total risk to that initiative needs to be understood.

Cyber-related risk should be assessed and evaluated based on its effect on the business, not based on some calculated value for the information asset.

There are a few other things in there too, but those are the leading ones. What I think the techie geeks who are attracted to InfoSec need to learn is expressed well in those two phrases. It's not about the technology, it's about the business. It's why I hate the term "Cyber-". Information Security risks existed in the days of typewriters, carbon copies and filing cabinets. Security risks existed in the days of handwritten messages and horseback couriers.

http://en.wikipedia.org/wiki/Special_Order_191

https://leadershipdynamics.wordpress.com/2010/06/17/3-cigars-that-could-have-changed-the-civil-war/

Why do I say this?

Back in my banking days, one officer at the bank said:

The bank *IS* the computer

I saw his point but ultimately the bank is its dealings with people.
If people lose confidence in the bank, it will fail.
It has happened in the past; it can happen again, and all the
"Cyber-security" in the world won't help.

Posted by Anton Aylward
